Updating and moving to a new server

Getting this error when uploading an attachment (PDF or other) on a quote page; it is not allowing the upload of a .pdf or .jpg etc.


But I think ChatGPT is telling me to edit PHP files that clearly say do not edit.

I did a few tests, as ChatGPT said it was likely because of session timeouts, but…

Hi ChatGPT, I logged out of InvoicePlane then logged in again and the same error occurs (I have not implemented any changes ChatGPT has suggested yet). But I think it is not due to a session timeout because I logged out and back in again.

ChatGPT said:

Good! This is an important detail.
Let’s slow down and analyze it very precisely:


:brain: Facts you just confirmed:

  • You logged out and logged back in (fresh session :white_check_mark:).
  • You still get the “An Error Was Encountered - The action you have requested is not allowed” when trying to upload a file to a quote.
  • You have NOT implemented any of the CSRF fixes I suggested yet.

:arrow_right: Therefore this is NOT a simple session timeout issue.
:arrow_right: It is a live, structural CSRF validation failure happening every time, not just after waiting a long time.


:dart: Conclusion:

:white_check_mark: The real root problem is:
The file upload form or file upload AJAX is missing the required CSRF token (_ip_csrf).

And because in your config.php:

$config['csrf_protection'] = env('CSRF_PROTECTION', true);

and

$config['csrf_regenerate'] = true;

CSRF protection is always enforced, and after any POST, the token must be valid and refreshed.


:clipboard: In plain English:

Even after a fresh login,
if the upload form does not POST the _ip_csrf token,
the server immediately blocks the upload with:

The action you have requested is not allowed.

:white_check_mark: That is normal behavior from CodeIgniter’s CSRF system.


:hammer_and_wrench: So to fix this 100%:

:white_check_mark: You must modify the upload form to send the CSRF token correctly.

:white_check_mark: You must add the CSRF token into any AJAX upload manually if the upload is done via JavaScript.

:white_check_mark: You must refresh the CSRF token after each successful file upload because of csrf_regenerate = true.


:loudspeaker: Important confirmation:

:large_blue_circle: You don’t need to disable CSRF.
:large_blue_circle: You don’t need to change session settings.
:large_blue_circle: You don’t need to log out/in every time.


ETC

Seems related to this thread, I think: Problem with upload in invoice - #24 by UnderDog
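
A simplified model of the check described in the quoted reply, added here as an example and not taken from the post, InvoicePlane or CodeIgniter. It assumes the server compares the posted `_ip_csrf` field with a token cookie and issues a new token after every accepted POST; the cookie name, class, function names and token values are hypothetical.

```javascript
// Added example: a model of a cookie-vs-field CSRF check with per-POST regeneration.
const TOKEN_FIELD = '_ip_csrf';            // field name quoted on the page
const COOKIE_NAME = 'csrf_cookie_example'; // hypothetical cookie name

// Server side. newToken is injected so the demo is deterministic; a real
// framework draws tokens from a CSPRNG.
class CsrfServer {
  constructor(regenerate, newToken) {
    this.regenerate = regenerate;
    this.newToken = newToken;
  }
  handlePost(cookies, fields) {
    const expected = cookies[COOKIE_NAME];
    const sent = fields[TOKEN_FIELD];
    // A missing or mismatching field is rejected before the upload is processed.
    if (typeof sent !== 'string' || sent !== expected) {
      return { status: 403, body: 'The action you have requested is not allowed.', cookies };
    }
    // With regeneration on, the old token is dead once this POST is accepted.
    const next = this.regenerate ? { ...cookies, [COOKIE_NAME]: this.newToken() } : cookies;
    return { status: 200, body: 'uploaded', cookies: next };
  }
}

// Client side: read the token from the cookie jar right before each POST,
// never from a value cached when the page first loaded.
function buildUploadFields(cookies, fileName) {
  return { [TOKEN_FIELD]: cookies[COOKIE_NAME], file: fileName };
}

function demo(regenerate) {
  let n = 0;
  const server = new CsrfServer(regenerate, () => `constructed-token-${++n}`);
  let jar = { [COOKIE_NAME]: server.newToken() };
  const statuses = [];
  // 1. Upload without the token field: rejected even in a fresh session.
  statuses.push(server.handlePost(jar, { file: 'quote.pdf' }).status);
  // 2. Upload with the current token: accepted, and the token may rotate.
  const firstFields = buildUploadFields(jar, 'quote.pdf');
  let res = server.handlePost(jar, firstFields);
  jar = res.cookies;
  statuses.push(res.status);
  // 3. Second upload reusing the fields built in step 2 (stale token if rotated).
  statuses.push(server.handlePost(jar, firstFields).status);
  // 4. Second upload after re-reading the token from the updated cookie.
  statuses.push(server.handlePost(jar, buildUploadFields(jar, 'photo.jpg')).status);
  return statuses;
}
```

With regeneration on, step 3 fails although step 2 succeeded, which is why a page that uploads several files without reloading has to pick up the new token after each request.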